Title: Cisco IOS Software TELNET Option Handling Vulnerability
Severity: MODERATE
Description:
Certain versions of Cisco's IOS software have a vulnerability in the Telnet Environment handling code. In particular if a certain option (ENVIRON) is passed to the Cisco IOS Telnet Daemon it will cause IOS to reload itself thereby rebooting the device it is bootstrapped on. This attack can be launched repeatedly thereby effecting a Denial of Service attack.
Affected Products:
- Cisco 7100 0.0.0
- Cisco 7200 0.0.0
- Cisco 7500 0.0.0
- Cisco Access Server 0.0.0AS5200
- Cisco Access Server 0.0.0AS5300
- Cisco Access Server 0.0.0AS5800
- Cisco AccessPath 0.0.0LS-3
- Cisco AccessPath 0.0.0TS-3
- Cisco AccessPath 0.0.0VS-3
- Cisco Cable Router 0.0.0ubr7200
- Cisco IOS 11.3AA
- Cisco IOS 12.0.2
- Cisco IOS 12.0.2XC
- Cisco IOS 12.0.2XD
- Cisco IOS 12.0.2XF
- Cisco IOS 12.0.2XG
- Cisco IOS 12.0.3T2
- Cisco IOS 12.0.4
- Cisco IOS 12.0.4S
- Cisco IOS 12.0.4T
- Cisco IOS 12.0.5
- Cisco IOS 12.0.6
- Cisco IOS 12.0.7
- Cisco System Controller 0.0.0SC3640
- Cisco Voice Gateway 0.0.0AS5800
References:
- Cisco Systems: Cisco Product Security Incident Response
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
